EP3275123A1 - Goal-driven provisioning in IoT systems - Google Patents
- Publication number
- EP3275123A1 EP16769277.1A
- Authority
- EP
- European Patent Office
- Prior art keywords
- state
- iot
- shoal
- provisioning
- accordance
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- G06F21/335—User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0806—Configuration setting for initial configuration or provisioning, e.g. plug-and-play
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/041—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 using an encryption or decryption engine integrated in transmitted data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Definitions
- Embodiments described herein generally relate to computer network operations. More particularly, embodiments described herein relate to provisioning devices that are organized into self-directed functional groups.
- the phrase Internet of Things refers to physical objects, devices or “things” embedded with electronics, software and the ability to connect to the Internet.
- the connectivity permits the implementation of systems that monitor and control an activity.
- multiple pumps in a nuclear power plant may be controlled (turned on/off or throttled) based on a number of factors such as the desired power level, coolant temperature, and the operation of other pumps within the coolant loop.
- sensors e.g., a light sensor
- actuators e.g., a light switch
- the Internet in contrast, was designed to facilitate host-to-host communication.
- traditional approaches to provisioning involve the use of trusted third parties such as manageability services, key management services and access management services.
- Recent trends in cloud computing have exacerbated this shift toward centralizing many security provisioning services.
- Centralized services represent a single point of failure for safety critical cyber-physical systems (think pump controllers in a nuclear power plant and health monitoring systems in a hospital).
- Centralized security provisioning services also imply a trust relationship is required between IoT devices and the central entity. Such centralization of trust represents a fallacious
- Figure 1 shows, in block diagram form, an IoT system in accordance with one embodiment.
- Figure 2 shows, in block diagram form, an IoT device in accordance with one embodiment.
- Figure 3 shows, in block diagram form, an illustrative IoT system in accordance with one embodiment.
- Figure 4 shows, in block diagram form, an illustrative IoT system in accordance with another embodiment.
- This disclosure pertains to systems, methods, and computer readable media to organize and operate IoT devices in a novel and non-obvious manner.
- techniques are disclosed for provisioning IoT devices in accordance with a state machine model. More particularly, collections of such IoT devices may be organized into enclaves, groups or "shoals" that operate as autonomous or semi-autonomous groups of devices functioning as a collective having a common objective or mission. IoT devices participating in a shoal may be provisioned with shoal-specific context information as part of their device-specific provisioning activity.
- a shoal context object can include a current state variable and a target next state variable.
- the shoal's target next state variable establishes a goal (e.g., for provisioning activity) without dictating how the individual shoal members (IoT device) are to achieve that goal.
- This mechanism may be used to drive a shoal's separate devices through their individual provisioning state machines until the shoal itself is made operational.
- IoT system 100 in accordance with one embodiment includes a number of IoT devices 105A-105F and 105G through 105N grouped into shoal-1 110 and shoal-2 115, router/gateway 120, network 125, key management server 130, access control management server 135 with management servers 130 and 135 identified collectively as third party service providers 140.
- each device may be as simple or as complex as its individual function requires; while only a limited number of devices have been shown, each shoal may include as many or as few devices as necessary to perform its designated function (e.g., the control of a series of pumps in a nuclear power plant or a single light); shoal-1 110 has been shown overlapping shoal-2 115 to illustrate that a single device may belong to more than one shoal, and should not be taken as limiting a device to 2 shoals; router/gateway 120 may be as simple or complex as needed (e.g., including both wireless and wired elements);
- network 125 represents 1 or more separate networks each of which may take any form including, but not limited to, a Local Area Network (LAN) or a Wide Area Network (WAN) such as the Internet, any of which may use any desired technology (wired, wireless or a combination thereof) and
- LAN Local Area Network
- WAN Wide Area Network
- IoT devices that may benefit from this disclosure include, but are not limited to, wearable devices (e.g., battery powered device), media players (e.g., for music and movies), home or factory automation (devices needing low latency communication for product interoperability), and smart devices (e.g., direct network connection that are tightly coupled to a service).
- wearable devices e.g., battery powered device
- media players e.g., for music and movies
- home or factory automation devices needing low latency communication for product interoperability
- smart devices e.g., direct network connection that are tightly coupled to a service.
- IoT device 105A in accordance with one embodiment includes cryptographic element 200, processor 205, memory 210, support circuitry or module 215, and device-specific elements 220.
- Cryptographic element 200 may be implemented in any appropriate fashion and, in one embodiment, may be a single tamper-resistant package that includes all of the necessary cryptographic processing capability necessary for device 105A to join a communications network and operate with other IoT devices within a secure environment. In other embodiments a secure operating environment may not need to be affirmatively established and so cryptographic element 200 may not be necessary (e.g., a shoal may operate in a physically secure environment such as that provided by an isolated network).
- Processor 205 may be any one or more processing elements (programmable or hardwired) and, in many IoT devices, is often resource constrained (e.g., having limited computational capability, memory, and access to power).
- Memory 210 may include memory cache, read-only memory (ROM), and/or random access memory (RAM).
- Support module 215 may include whatever additional components are needed to enable cryptographic element 200, processor 205 and memory 210 to interact with external components (e.g., one or more communication ports) and device-specific elements 220 to fulfill the purpose of the device such as, for example, sensors and/or actuators.
- IoT device 105A may at time of manufacture, or later, be loaded with the necessary cryptologic keys and certificates and at least one state machine in accordance with this disclosure.
- cryptologic element 200 may be loaded with a base set of keys and certificates when manufactured, while device 105A (e.g., memory 210) may be loaded by an OEM with one or more state machines.
- exemplary IoT system 300 includes IoT device 105A (including illustrative state machine 305) and remediation service 310. It will be understood that when a device is said to "have" or "include" a state machine, it means that some representation of the state machine has been delivered to or incorporated in the device. In one embodiment, the state machine may be represented by firmware
- the state machine may be represented in user-level program code.
- the state machine may be represented by a combination of firmware and user-level program code.
- the state machine may be represented by a combination of software and hardware.
- the state machine may be embodied directly in hardware (e.g., via field-programmable gate arrays). Also shown in FIG. 3 are device-specific and shoal-specific state information, 315 and 320
- Device-specific state information 315 can be that used by conventional IoT devices augmented by any additional state information needed to support the device's state machine such as, for example, a current state variable ('currentdstate') and a target next state variable ('nextdstate').
- Shoal-specific state information 320 can include a shoal state object that has at least 2 state variables. One to indicate the shoal's current state
- Table 1 enumerates the provisioning states that may be entered into during a device's progression from a primitive state (e.g., OWNED) to a fully functional state (e.g., OPERATIONAL) and corresponds to illustrative state machine 305.
- Table 2 describes the actions taken when transitioning from one state to a next state in state machine 305.
- the states identified in Table 1 and the actions identified in Table 2 constitute an illustrative state model only.
- An IoT device's actual state machine in accordance with this disclosure may have more or fewer states than those shown.
- the structure of state machine 305 has been made simple for presentational purposes.
- An actual state machine may be as simple or complex as the device's task requires.
- UN-OWNED: As built or provided by manufacturer.
- Device may include, for example, a base set of cryptographic keys, a PIN, or physical switch that can be used to place the device in a mode where it is accepting of a "take owner" protocol.
- OWNED: Control and ownership resides in an entity other than the manufacturer.
- the new owner can provide or generate a secret (e.g., a symmetric key) as proof that device ownership has been taken by the new owner.
- the 'secret' may be used to establish a bootstrap service (key, URL) that instructs the device where to go when it needs to be bootstrap provisioned. This may be done so that the owner's pre-shared key (PSK), initially used to provision the bootstrap server, does not need to be frequently used. This, in turn, allows the owner's PSK values to be archived in a safe location.
- PSK pre-shared key
- These keys need only be used when the device needs to be wiped clean of all provisioning data, but where retaking ownership is not desired. This step can be done down-the-wire or over-the-air.
- PROVISIONED: Device is provisioned in accordance with the new owner's designated bootstrap service.
- Provisioning all of the devices in a shoal and creating role privileges that all the devices recognize and can validate may be part of the credential structure on each device.
- An IoT device can have a set of resources that define its behavior and nature. Resource access, in turn, may be restricted using an access control list (ACL). In this state a device is provisioned with all ACLs it needs to perform its designated function (i.e., so that it may be "controlled").
- ACL access control list
- CONFIGURED: Devices with resources may be ready to perform some duty, but would not do anything without another device (a client) asking it to do so. Since client devices may be headless (lacking a graphical user-interface) and autonomous, there needs to be a way to tell a server what to do. In this state, all necessary script(s) and/or control logic needed to permit the device (acting as a client) to trigger an action in another device (acting as a server) have been obtained.
- OPERATIONAL: Device is fully provisioned and ready to begin
- Table 2. Example State Machine State Transitions
- UN-OWNED → OWNED: Device asserts the "take-owner" protocol to shift ownership to a new owner.
- OWNED → PROVISIONED: Device uses bootstrap key to access the designated bootstrap service to bootstrap provision itself.
- PROVISIONED → REGISTERED: Pair-wise symmetric keys are created, provisioned and used to establish secure communications
- the devices may be said to be "registered" with one another.
- REGISTERED → ENROLLED: Device asserts a role within the shoal to other shoal members (e.g., administrator or synchronization broker) so that it may gain access to functionality and resources that require privilege. For example, the ability to broadcast or multi-cast to other devices requires a symmetric key that is shared by all the other devices being communicated with.
- Provisioning all of the devices in a shoal and creating role privileges that all the devices recognize and can validate may be part of the credential structure of each device.
- ENROLLED → CONTROLLED: a device's ACL policy and provisioning may be configured (this is what allows a device to be controlled). Devices that don't have any ACLs may default to no-access. Such a policy necessarily needs to allow interaction with a provisioning service that supplies the ACLs.
- CONTROLLED → CONFIGURED: Device obtains the necessary script(s) and/or control logic that permits it to ask another device (acting as a server) to do some task. This establishes the highest level of configuration without the device actually doing something.
- CONFIGURED → OPERATIONAL: Device issues or receives a trigger, broadcast, multicast or timer to signal all the shoal's devices that they are to begin executing their programmed task. (Triggering may not need to be a synchronized
- remediation service 310 may be notified.
- control from remediation server 310 is returned to device 105; the specific state can depend upon which state failed.
- control may be returned to the state that failed.
- control may be returned to the last successfully traversed state.
- control may be returned to a known/specified error-return state (not shown).
- device 105A knows its owner but is not otherwise provisioned - e.g., it is in the OWNED state. In practice this may be accomplished using an anonymous identification key (AIK) for which some local service vets. There can then be a challenge/response sequence wherein the server ("owner") authenticates the client (IoT device) using this key only during the "get acquainted" phase, the public key may be used to encrypt a random number or string that can become a shared secret.
- AIK anonymous identification key
- the public key may be used to encrypt a random number or string that can become a shared secret.
- EAP Extensible Authentication Protocol
- lx switches, allows this exchange to occur prior to authenticated Dynamic Host Configuration Protocol (DHCP) exchanges [i.e., the device may do this prior to ascertaining its IP address).
- DHCP Dynamic Host Configuration Protocol
- PKI Public Key Infrastructure
- shoal- 1 110 includes IoT devices 105A-E
- the shoal's shared context includes the shoal's current state
- example shoal shared context 400 illustrates the types of information that may be used to track a shoal's state. In one embodiment, there isn't necessarily a dominant shoal controller, though one or more devices may be nominated as a
- Additional devices may also be nominated as shoal service entities supporting security, management and access needs. (The creation of role privileges that all of a shoal's devices recognize and can validate may be part of the credential structure on each device.)
- Shoal devices may also include cloud and enterprise services, but isolation technologies may need to be used to reasonably ensure the cloud hosted entity is prevented from introducing non-shoal devices/controllers into the shoal.
- the shoal name itself may be assigned by a trusted naming authority such as an Internet Domain Naming Service (DNS) also known as DANE DNS (Domain Name System)-Based Authentication of Named Entities.
- DNS Internet Domain Naming Service
- DANE DNS Domain Name System
- a system in accordance with this disclosure may accept shoal names from a DANE or other naming authority.
- the Shoal may embed the trust anchor of a DANE authority as part of the shoal resource (e.g. External Cred).
- the shoal name may be given to a peer shoal or organization network hosting a key distribution service such as Kerberos where the tickets assigned contain the DANE assigned name as the Kerberos 'realm' name.
- each device in shoal-1 110 is in a different state.
- the shoal's current state 405 may be an amalgamation of the respective shoal device states.
- a reasonable methodology for determining the shoal's current state is to take the most primitive of the shoal's device's state. Comparing FIG. 4 to FIG. 3 or Table 1, the most primitive device state is "OWNED".
- the shoal's next state value 410 is designed to drive all devices to the OPERATIONAL state which, in the example of FIG. 3 and Table 1, is the state in which the collective function of the shoal may be manifest. Though each device is at a different provisioning state, this does not necessarily mean the devices are not connected and cannot perform operations. They can perform provisioning operations.
- Shoal state variables may be maintained locally at each device so that each device may independently function to acquire provisioning from accessible/neighboring devices and services.
- Shoal state variables e.g., currentsstate and nextsstate
- Shoal state variables may be synchronized across each shoal member so each knows its own state and the shoal's state.
- synchronization may be achieved using a group multi-cast or publish-subscribe relays such as the MQTT (formerly Message Queue Telemetry Transport) and Extensible Messaging and Presence Protocol (XMPP) message brokers.
- MQTT formerly Message Queue Telemetry Transport
- XMPP Extensible Messaging and Presence Protocol
- IoT devices as described herein have no need for a centralized manageability server that must be available whenever a device is in remediation.
- One benefit of a state machine based approach to device provisioning is that it can free a system's administrator from micro-managing each device's provisioning operations.
- each device's state machine defines what it may do (but not necessarily how)
- different devices may perform the same function in different ways - each according to their own operational capabilities. This, in turn, can improve the operational efficiency of a shoal. This same capability permits newer devices to be easily integrated into existing IoT systems (shoals).
- benefits of the disclosed techniques include, but are not limited to: use of a group context structure containing goal-oriented provisioning state variables; use of a group context structure that is defined across shoal members; IoT devices with provisioning state variables; use of Trusted Execution Environment (TEE) protocols to permit the protected execution of a shoal entity; use of one (or more) shoal member devices to assist in the provisioning of a neighbor shoal member device; use of a shoal access control structure/policy to enforce access of shoal member resources by other shoal devices and non-shoal devices; use of an attestation method such as, for example, the Enhanced Privacy ID (EPID) and Sigma key exchange protocols to establish a provisioning channel between one IoT device and a sibling IoT device authorized to share provisioning information;
- TEE Trusted Execution Environment
- Example 1 is an Internet of Things (IoT) device, comprising: device hardware configured to function in accordance with a type of device; IoT hardware including: a network communication circuit configured to connect to a network communication medium, memory communicatively coupled to the network communication circuit, and a processor operatively coupled to the device hardware, the network communication circuit and the memory, the memory storing instructions that when executed cause the processor to: employ a provisioning state machine corresponding to the type of device and IoT hardware, wherein the provisioning state machine includes a plurality of states, the final state being an operational state, establish a shoal-specific state information in the memory in accordance with the provisioning state machine, establish an IoT device-specific state information in the memory in accordance with the provisioning state machine, establish communication through the network communication circuit with one or more additional IoT devices, wherein the IoT device and each of the one or more additional IoT devices belong to a shoal of IoT devices, determine, based on the established communication, a state of the
- Example 2 the subject matter of Example 1 can optionally include wherein the type of device comprises a pump controller.
- Example 3 the subject matter of Example 1 can optionally include wherein the network communication medium comprises a wireless network communication medium.
- Example 4 the subject matter of any one of Examples 1-3 can optionally include wherein the IoT hardware further includes a cryptographic element communicatively coupled to the processor.
- Example 5 the subject matter of Example 4 can optionally include further comprising instructions stored in the memory that, when executed, cause the processor to use the cryptographic element to establish secure communication with the one or more additional IoT devices.
- Example 6 the subject matter of any one of Examples 1-3 can optionally include wherein the instructions to cause the processor to sequence through the plurality of states comprise instructions to cause the processor to use a mismatch between the shoal state and the IoT device state to initiate action to move to a new state in accordance with the provisioning state machine.
- Example 7 the subject matter of any one of Examples 1-3 can optionally include wherein each state in the provisioning state machine has actions associated with provisioning the IoT device.
- Example 8 is an Internet of Things (IoT) operational method, comprising: loading an IoT device with a provisioning state machine control software, wherein the provisioning state machine control software corresponds to the type of IoT device and includes a plurality of states, the final state being an operational state; establishing a shoal-specific state information and a device-specific state information in a memory of the IoT device in accordance with the provisioning state machine; establishing communication through a network communication circuit of the IoT device with one or more additional IoT devices, wherein the IoT device and each of the one or more additional IoT devices belong to a shoal of IoT devices; determining, based on the established communication, a state of the shoal and recording the same in the shoal-specific state information; determining a state of the IoT device and recording the same in the IoT device-specific state information; and sequencing through the plurality of states based on a combination of the shoal state and the IoT device state
- Example 10 the subject matter of Example 8 can optionally include wherein the network communication medium comprises a wireless network communication medium.
- Example 11 the subject matter of any one of Examples 8-10 can optionally include further comprising using a cryptographic element of the IoT device to establish secure communication with at least one of the one or more additional IoT devices.
- Example 12 the subject matter of any one of Examples 8-10 can optionally include wherein sequencing through the plurality of states comprises using a mismatch between the shoal state and the IoT device state to initiate action to move to a new state in accordance with the provisioning state machine.
- Example 13 the subject matter of any one of Examples 8-10 can optionally include wherein each state in the provisioning state machine has actions associated with provisioning the IoT device.
- Example 14 is a program storage device comprising
- IoT Internet of Things
- Example 15 the subject matter of Example 14 can optionally include wherein the instructions to establish communication through a network communication circuit comprise instructions to establish
- Example 16 the subject matter of any one of Examples 14-
- communication through a network communication circuit comprise instructions to establish secure communication through a network communication circuit using a cryptographic element of the IoT device.
- Example 17 the subject matter of any one of Examples 14-
- the instructions to cause the processor to sequence through the plurality of states comprise instructions to cause the processor to use a mismatch between the shoal state and the IoT device state to initiate action to move to a new state in accordance with the provisioning state machine.
- Example 18 is an Internet of Things (IoT) device, comprising: a processor; a memory operatively coupled to the processor, the memory storing instructions that when executed cause the processor to: activate a provisioning state machine corresponding to the IoT device's type, wherein the provisioning state machine includes a plurality of states, the final state being an operational state; establish a shoal-specific state information in a memory of the IoT device in accordance with the provisioning state machine; establish an IoT device-specific state information in the memory in accordance with the provisioning state machine; establish communication through a network communication circuit with one or more additional IoT devices, wherein the IoT device and each of the one or more additional IoT devices belong to a shoal of IoT devices; determine, based on the established communication, a state of the shoal and record the same in
- IoT Internet of Things
- Example 20 the subject matter of Example 19 can optionally include wherein the instructions to establish communication through a network communication circuit comprise instructions to establish
- Example 21 the subject matter of any one of Examples 19-
- Example 22 the subject matter of any one of Examples 19-
- the instructions to cause the processor to sequence through the plurality of states comprise instructions to cause the processor to use a mismatch between the shoal state and the IoT device state to initiate action to move to a new state in accordance with the provisioning state machine.
- Example 23 the subject matter of Example 19 can optionally include wherein each state in the provisioning state machine has actions associated with provisioning the IoT device.
- each shoal member may share credentials with only some (but not all) other shoal members.
- each shoal may have multiple synchronization members. In one embodiment (such as that described above), a single shoal member may act as the synchronization broker for an entire shoal. In another embodiment, a different synchronization broker may be used for each shoal/group attribute (e.g., calculate shoal state, keep group membership, and credential management).
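The mismatch-driven sequencing of Examples 6 and 12, fed by the authenticated peer communication of Examples 5 and 11, can be sketched as follows. This is an added example, not code from the patent: the state names, the HMAC report format, the replay counter, and taking the highest authenticated peer state as the shoal state are all assumptions.

```python
import hashlib
import hmac
from enum import IntEnum


class State(IntEnum):
    """Hypothetical states; the page only fixes that the final one is operational."""
    UNPROVISIONED = 0
    NETWORK_JOINED = 1
    CREDENTIALED = 2
    OPERATIONAL = 3


def report_tag(key: bytes, sender: str, state: int, counter: int) -> bytes:
    """HMAC-SHA256 over a peer's state report (constructed message layout)."""
    msg = f"{sender}|{int(state)}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Device:
    def __init__(self, name: str, peer_keys: dict):
        self.name = name
        self.peer_keys = peer_keys               # shared with some, not all, shoal members
        self.device_state = State.UNPROVISIONED  # device-specific state information
        self.shoal_state = State.UNPROVISIONED   # shoal-specific state information
        self._peer_states = {}
        self._last_counter = {}
        self.actions_run = []

    def accept_report(self, sender: str, state: int, counter: int, tag: bytes) -> bool:
        """Update the shoal state only from a report that authenticates and is fresh."""
        key = self.peer_keys.get(sender)
        if key is None:
            return False                         # no credential shared with this peer
        if not hmac.compare_digest(report_tag(key, sender, state, counter), tag):
            return False                         # forged or corrupted report
        try:
            reported = State(state)
        except ValueError:
            return False                         # not a state of this machine
        if counter <= self._last_counter.get(sender, -1):
            return False                         # replayed report
        self._last_counter[sender] = counter
        self._peer_states[sender] = reported
        # Assumption: the shoal state is the highest authenticated peer state.
        self.shoal_state = max(self._peer_states.values())
        return True

    def step(self) -> bool:
        """Act only on a mismatch: run the next state's action and advance one state."""
        if self.device_state >= self.shoal_state:
            return False
        target = State(self.device_state + 1)
        self.actions_run.append(f"provision:{target.name}")  # stand-in for the state's action
        self.device_state = target
        return True

    def converge(self) -> State:
        while self.step():
            pass
        return self.device_state


def demo() -> dict:
    key_a = b"constructed-pairwise-key-A"        # constructed sample key
    dev = Device("pump-7", {"peer-A": key_a})    # no key is shared with peer-B
    op = int(State.OPERATIONAL)
    results = {
        "forged": dev.accept_report("peer-A", op, 1, b"\x00" * 32),
        "unknown_peer": dev.accept_report(
            "peer-B", op, 1, report_tag(b"other-key", "peer-B", op, 1)),
        "state_before": dev.converge(),
        "genuine": dev.accept_report("peer-A", op, 1, report_tag(key_a, "peer-A", op, 1)),
        "replayed": dev.accept_report("peer-A", op, 1, report_tag(key_a, "peer-A", op, 1)),
    }
    results["state_after"] = dev.converge()
    results["actions"] = list(dev.actions_run)
    return results


if __name__ == "__main__":
    print(demo())
```

Rejected reports leave the shoal-specific state untouched, so an unauthenticated message cannot create the mismatch that triggers a provisioning action.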
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Telephonic Communication Services (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562138255P | 2015-03-25 | 2015-03-25 | |
US14/717,754 US9461976B1 (en) | 2015-03-25 | 2015-05-20 | Goal-driven provisioning in IoT systems |
PCT/US2016/019648 WO2016153717A1 (en) | 2015-03-25 | 2016-02-25 | Goal-driven provisioning in IoT systems |
Publications (3)
Publication Number | Publication Date |
---|---|
EP3275123A1 (en) | 2018-01-31 |
EP3275123A4 (en) | 2018-10-10 |
EP3275123B1 (en) | 2021-06-09 |
Family
ID=56975865
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP16769277.1A Active EP3275123B1 (en) | 2015-03-25 | 2016-02-25 | Goal-driven provisioning in iot systems |
Country Status (4)
Country | Link |
---|---|
US (2) | US9461976B1 (en) |
EP (1) | EP3275123B1 (en) |
CN (1) | CN107820699B (en) |
WO (1) | WO2016153717A1 (en) |
Families Citing this family (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101634295B1 (en) * | 2014-12-16 | 2016-06-30 | 주식회사 윈스 | System and method for providing authentication service for iot security |
US20160364553A1 (en) * | 2015-06-09 | 2016-12-15 | Intel Corporation | System, Apparatus And Method For Providing Protected Content In An Internet Of Things (IOT) Network |
US10175666B2 (en) * | 2015-10-30 | 2019-01-08 | International Business Machines Corporation | Managing internet of things collection having different capabilities |
US9742740B2 (en) * | 2015-11-18 | 2017-08-22 | Adobe Systems Incorporated | Internet of things datapoint engine |
US10171462B2 (en) * | 2015-12-14 | 2019-01-01 | Afero, Inc. | System and method for secure internet of things (IOT) device provisioning |
US10116573B2 (en) | 2015-12-14 | 2018-10-30 | Afero, Inc. | System and method for managing internet of things (IoT) devices and traffic using attribute classes |
US10455452B2 (en) | 2015-12-14 | 2019-10-22 | Afero, Inc. | System and method for flow control in an internet of things (IoT) system |
CN108293002B (en) | 2015-12-26 | 2021-09-24 | 英特尔公司 | Method, medium, system for managing machine-to-machine system |
US11146449B2 (en) | 2016-02-19 | 2021-10-12 | Intel Corporation | Network architecture for internet-of-things device |
US10310832B2 (en) * | 2016-02-19 | 2019-06-04 | Intel Corporation | Internet-of-things device blank |
US20180284735A1 (en) * | 2016-05-09 | 2018-10-04 | StrongForce IoT Portfolio 2016, LLC | Methods and systems for industrial internet of things data collection in a network sensitive upstream oil and gas environment |
US11774944B2 (en) | 2016-05-09 | 2023-10-03 | Strong Force Iot Portfolio 2016, Llc | Methods and systems for the industrial internet of things |
US11327475B2 (en) | 2016-05-09 | 2022-05-10 | Strong Force Iot Portfolio 2016, Llc | Methods and systems for intelligent collection and analysis of vehicle data |
US10484389B2 (en) | 2016-08-30 | 2019-11-19 | Dwelo, Inc. | Connected device rights management administration |
JP2019537808A (en) | 2016-09-19 | 2019-12-26 | ノースラップ,チャールズ | Thing machine |
US10270738B1 (en) * | 2016-09-19 | 2019-04-23 | Amazon Technologies, Inc. | Aggregated group state for a group of device representations |
US10887174B2 (en) * | 2016-09-19 | 2021-01-05 | Amazon Technologies, Inc. | Group command management for device groups |
US10270875B1 (en) * | 2016-09-19 | 2019-04-23 | Amazon Technologies, Inc. | Dynamic grouping of device representations |
US10581620B2 (en) | 2016-11-14 | 2020-03-03 | Integrity Security Services Llc | Scalable certificate management system architectures |
CN114826577A (en) * | 2016-11-14 | 2022-07-29 | 诚信保安服务有限责任公司 | Secure provisioning and management of devices |
JP7256742B2 (en) * | 2016-12-07 | 2023-04-12 | ノースラップ,チャールズ | Thing machine system and method |
US10164983B2 (en) * | 2017-01-20 | 2018-12-25 | Verizon Patent And Licensing Inc. | Distributed authentication for internet-of-things resources |
US10356088B1 (en) * | 2017-01-25 | 2019-07-16 | Salesforce.Com, Inc. | User authentication based on multiple asymmetric cryptography key pairs |
US11190344B2 (en) | 2017-01-25 | 2021-11-30 | Salesforce.Com, Inc. | Secure user authentication based on multiple asymmetric cryptography key pairs |
CN108540354A (en) * | 2017-03-02 | 2018-09-14 | 漳州立达信光电子科技有限公司 | Terminal device of network of things and the method for controlling multiple Internet of things device |
CN106941523B (en) * | 2017-03-14 | 2020-10-02 | 深圳蓝奥声科技有限公司 | Health monitoring information acquisition method and system based on Internet of things |
US10298581B2 (en) | 2017-04-28 | 2019-05-21 | Cisco Technology, Inc. | Zero-touch IoT device provisioning |
US11337070B2 (en) | 2017-06-19 | 2022-05-17 | Intel Corporation | User-authorized onboarding using a public authorization service |
US10440006B2 (en) | 2017-06-21 | 2019-10-08 | Microsoft Technology Licensing, Llc | Device with embedded certificate authority |
US10558812B2 (en) | 2017-06-21 | 2020-02-11 | Microsoft Technology Licensing, Llc | Mutual authentication with integrity attestation |
US10938560B2 (en) | 2017-06-21 | 2021-03-02 | Microsoft Technology Licensing, Llc | Authorization key escrow |
US10778516B2 (en) | 2017-09-08 | 2020-09-15 | Hewlett Packard Enterprise Development Lp | Determination of a next state of multiple IoT devices within an environment |
US11374760B2 (en) | 2017-09-13 | 2022-06-28 | Microsoft Technology Licensing, Llc | Cyber physical key |
US10693671B2 (en) | 2017-12-18 | 2020-06-23 | Cisco Technology, Inc. | Distributing traffic to multiple destinations via an isolation network |
US11195066B2 (en) | 2018-09-11 | 2021-12-07 | International Business Machines Corporation | Automatic protocol discovery using text analytics |
US11356440B2 (en) | 2018-11-30 | 2022-06-07 | International Business Machines Corporation | Automated IoT device registration |
US11405414B2 (en) | 2019-08-06 | 2022-08-02 | Bank Of America Corporation | Automated threat assessment system for authorizing resource transfers between distributed IoT components |
US11341485B2 (en) | 2019-08-06 | 2022-05-24 | Bank Of America Corporation | Machine learning based system for authorization of autonomous resource transfers between distributed IOT components |
US10921787B1 (en) | 2019-08-06 | 2021-02-16 | Bank Of America Corporation | Centralized resource transfer engine for facilitating resource transfers between distributed internet-of-things (IoT) components |
US11527165B2 (en) * | 2019-08-29 | 2022-12-13 | The Boeing Company | Automated aircraft system with goal driven action planning |
US11956639B2 (en) | 2020-10-26 | 2024-04-09 | International Business Machines Corporation | Internet of things device provisioning |
US11997759B2 (en) | 2021-09-23 | 2024-05-28 | Skylo Technologies, Inc. | Automated sensor integration and data collection |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6975915B2 (en) * | 2002-10-31 | 2005-12-13 | Sap Ag | Cooperative smart items |
US7610584B2 (en) * | 2004-01-02 | 2009-10-27 | International Business Machines Corporation | Method, system, and product for defining and managing provisioning states for resources in provisioning data processing systems |
US8776018B2 (en) * | 2008-01-11 | 2014-07-08 | International Business Machines Corporation | System and method for restartable provisioning of software components |
WO2014130568A1 (en) * | 2013-02-19 | 2014-08-28 | Interdigital Patent Holdings, Inc. | Information modeling for the future internet of things |
US9847961B2 (en) * | 2013-02-25 | 2017-12-19 | Qualcomm Incorporated | Automatic IoT device social network expansion |
US9413827B2 (en) | 2013-02-25 | 2016-08-09 | Qualcomm Incorporated | Context aware actions among heterogeneous internet of things (IOT) devices |
US9292832B2 (en) * | 2013-02-25 | 2016-03-22 | Qualcomm Incorporated | Collaborative intelligence and decision-making in an IoT device group |
US9853826B2 (en) * | 2013-02-25 | 2017-12-26 | Qualcomm Incorporated | Establishing groups of internet of things (IOT) devices and enabling communication among the groups of IOT devices |
US9900172B2 (en) * | 2013-04-25 | 2018-02-20 | Qualcomm Incorporated | Coordinated resource sharing in machine-to-machine communication using a network-based group management and floor control mechanism |
MY166564A (en) * | 2013-04-25 | 2018-07-16 | Mimos Berhad | A system and method for privacy management for internet of things services |
EP3005659B1 (en) * | 2013-05-28 | 2019-07-10 | Convida Wireless, LLC | Load balancing in the internet of things |
US9124563B2 (en) * | 2013-08-19 | 2015-09-01 | Gemalto Sa | Method for asynchronously provisioning keys from one secure device to another |
KR101662396B1 (en) * | 2014-10-13 | 2016-10-05 | 한국과학기술원 | Method and system for controlling device based internet of things |
US9832173B2 (en) * | 2014-12-18 | 2017-11-28 | Afero, Inc. | System and method for securely connecting network devices |
US20160198536A1 (en) * | 2015-01-06 | 2016-07-07 | Kiban Labs, Inc. | Internet-of-things (iot) hub apparatus and method |
2015
- 2015-05-20 US US14/717,754 patent/US9461976B1/en active Active
2016
- 2016-02-25 WO PCT/US2016/019648 patent/WO2016153717A1/en unknown
- 2016-02-25 CN CN201680030483.7A patent/CN107820699B/en active Active
- 2016-02-25 EP EP16769277.1A patent/EP3275123B1/en active Active
- 2016-09-16 US US15/267,289 patent/US9800468B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN107820699A (en) | 2018-03-20 |
EP3275123B1 (en) | 2021-06-09 |
US9800468B2 (en) | 2017-10-24 |
US9461976B1 (en) | 2016-10-04 |
WO2016153717A1 (en) | 2016-09-29 |
US20170005871A1 (en) | 2017-01-05 |
EP3275123A4 (en) | 2018-10-10 |
US20160285840A1 (en) | 2016-09-29 |
CN107820699B (en) | 2019-02-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
17P | Request for examination filed | Effective date: 20171025 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
AX | Request for extension of the european patent | Extension state: BA ME |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: MCAFEE, LLC |
DAV | Request for validation of the european patent (deleted) | |
DAX | Request for extension of the european patent (deleted) | |
A4 | Supplementary search report drawn up and despatched | Effective date: 20180906 |
RIC1 | Information provided on ipc code assigned before grant | Ipc: H04L 29/08 20060101ALI20180901BHEP Ipc: H04L 29/06 20060101ALI20180901BHEP Ipc: H04L 12/24 20060101AFI20180901BHEP |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
17Q | First examination report despatched | Effective date: 20190628 |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: GRANT OF PATENT IS INTENDED |
INTG | Intention to grant announced | Effective date: 20210113 |
GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
REG | Reference to a national code | Ref country code: GB Ref legal event code: FG4D |
REG | Reference to a national code | Ref country code: CH Ref legal event code: EP Ref country code: AT Ref legal event code: REF Ref document number: 1401386 Country of ref document: AT Kind code of ref document: T Effective date: 20210615 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R096 Ref document number: 602016059142 Country of ref document: DE |
REG | Reference to a national code | Ref country code: IE Ref legal event code: FG4D |
REG | Reference to a national code | Ref country code: LT Ref legal event code: MG9D |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210909 |
REG | Reference to a national code | Ref country code: AT Ref legal event code: MK05 Ref document number: 1401386 Country of ref document: AT Kind code of ref document: T Effective date: 20210609 |
REG | Reference to a national code | Ref country code: NL Ref legal event code: MP Effective date: 20210609 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R079 Ref document number: 602016059142 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04L0012240000 Ipc: H04L0041000000 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210909 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210910 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20211011 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R097 Ref document number: 602016059142 Country of ref document: DE |
PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 |
26N | No opposition filed | Effective date: 20220310 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 |
REG | Reference to a national code | Ref country code: CH Ref legal event code: PL |
REG | Reference to a national code | Ref country code: BE Ref legal event code: MM Effective date: 20220228 |
GBPC | Gb: european patent ceased through non-payment of renewal fee | Effective date: 20220225 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220225 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220228 Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220225 Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220225 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220228 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220228 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: FR Payment date: 20231229 Year of fee payment: 9 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20160225 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: DE Payment date: 20231229 Year of fee payment: 9 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210609 |